Reduce Costs and Complexity with Network Security Consolidation
USE CASE: Reduce Costs and Complexity With Network Security Consolidation

Industry
Government

Use Case
Reduce network security costs and complexity by consolidating multiple security point products into one platform.

Business Benefits
Reduce the overhead associated with purchasing, deploying, operating and managing a plethora of security products, each designed to do a small range of things.

Operational Benefits
Minimize network disruption and risk with an extensible, flexible platform that protects your business as it expands, adopts new technologies or moves to the cloud. Improve visibility and simplify compliance by leveraging a consolidated set of screens, dashboards, logs and reports on a variety of security threats, including attempts at data exfiltration.

Security Benefits
Automatically correlate threat insights across the organization, and swiftly update threat prevention to every platform deployment regardless of location – endpoint, network or cloud.

Business Problem
To improve efficiency and increase client satisfaction, governments continue to adopt digital technologies that modernize their processes and better serve citizens. Every expansion into new digital technologies (remote employee access, client self-service, Wi-Fi, SaaS, cloud, IoT and more) also introduces vulnerabilities and points where the network can be infiltrated. In addition, as governments collect and store more valuable data digitally, they become attractive targets for cyberattackers seeking to spy or profit. The result is a cybersecurity arms race in which new attack vectors are countered with new security products.

This comes at a significant cost to governments. Every new solution that helps secure endpoints, SaaS, remote access, or other network areas and functions also adds complexity and cost. More security products can bestow a false sense of security, since the complexity of many point products can reduce visibility, instead of improving security, for the network and its endpoints. Solutions often add new hardware, which increases Capex costs. Individual solutions are also individually managed, increasing operational overhead and straining under-resourced security teams. Finally, these solutions function in isolation, making it impossible to leverage insights from the others, speed threat prevention or achieve an integrated view of an organization’s security posture.

Business Drivers
Consolidation of network security into fewer devices is being driven by several factors, but underlying all of them is the desire to use security resources efficiently – particularly since the demand for cybersecurity professionals outstrips supply.1

High-profile data breaches have elevated the importance of cybersecurity in senior government positions. Government data breaches often involve the loss of valuable personal information, or highly confidential data that has national security value. Administrators now want regular reports on cybersecurity statistics and effectiveness. These are proving difficult and time-consuming to pull together as security solutions proliferate.

1. http://blog.indeed.com/2017/01/17/cybersecurity-skills-gap-report/

Palo Alto Networks | Reduce Costs and Complexity With Network Security Consolidation | Use Case 1

As cyberattacks increase in volume and sophistication, governments are finding it more difficult to keep pace with thwarting them. Since 98 percent of network compromises take only minutes to execute,2 the focus must be on prevention rather than detection.
Preventing the spread of new or multi-method threats requires correlation and coordination, which are two areas where discrete security functions (such as within a UTM) and products fall short. Correlation and coordination become even more difficult to execute as the numbers of vendors and products increase.

Similarly, governments must regularly demonstrate compliance with applicable data protection, privacy, accounting and other regulations. Data aggregation and correlation between multiple security products to support these initiatives are time-consuming for security teams.

Traditional Approaches
As new threats emerge, the traditional approach has been to add new, discrete security appliances and solutions to the network and its elements. For example, security vendors countered application-level attacks with intrusion prevention systems. As viruses became popular, governments added antivirus to endpoints. Phishing emails increased the popularity of content filtering.

This approach has resulted in an explosion of separate appliances and solutions for network security, including:
• Firewalls
• Web proxy servers
• Network intrusion detection/prevention
• Gateway antivirus/anti-spam solutions
• Virtual private network (VPN) appliances
• Content filtering
• Web filtering
• Zero-day exploit prevention
• Cloud and SaaS security
• SSL decryption devices

There are distinct challenges with multiple security vendors and appliances:
• Lack of visibility: With multiple unintegrated security products, it’s difficult to get a comprehensive view of network traffic and potential threats.
• Operational complexity: Each point product is separately managed by its own management interface, requires time and training to manage, and results in greater overhead for security teams, which must manually update security appliances, correlate insights, amalgamate logs and events, and trawl through logs.
• Reduced performance: As the numbers of boxes and solutions increase, so does network latency, impacting time-sensitive applications.
• Higher costs: More devices cost more to purchase, including support and subscriptions.

It’s becoming more common to link many separate security solutions together using a security information and event management product. While SIEMs are useful, they are most useful for forensic analysis, incident response and remediation.

Some security vendors attempt to consolidate multiple security functions into a single physical appliance, sharing power, cooling and rack space. However, their software technologies remain unintegrated, and they cannot share context and correlate between security functions. Many vendors have separate management interfaces for different security functions.

Palo Alto Networks Approach
In stark contrast to other approaches, Palo Alto Networks® consolidates multiple complementary security functions into a single, natively integrated platform, safely enabling users, applications and traffic across endpoints, networks, cloud and SaaS environments. The many benefits of this platform approach include:
• Faster time to threat prevention: Automatically correlated insights between security functions, as well as automatic distribution of signatures and other preventions, quickly repel the newest threats in all locations.
• Greater security insights due to contextual threat intelligence applied across security functions.
• Simpler management: The entire suite of security functions and policies is managed from a single interface, reducing management complexity for IT and security teams.
• Comprehensive safe enablement: A single pane of glass provides complete visibility into users, applications and traffic in all locations across mobile, network, cloud and SaaS environments.
• Flexibility: Organizations can choose which security functions to integrate and add security functions over time as business needs change.
• Lower operating costs: New security functions do not require more hardware installations, additional training for security teams or more management overhead.
• Less disruption: Adding new security functions does not disrupt availability or require architecture changes. In many cases you can add security functions remotely, eliminating a truck roll or the requirement for on-site IT or security staff.
• Reduced latency: Fewer boxes and traffic inspection points improve latency for time-sensitive applications.

2. Verizon 2017 Data Breach Investigations Report

Palo Alto Networks Next-Generation Security Platform automatically correlates insights on emerging threats across endpoints, data centers, SaaS and cloud resources, ensuring fast responses to any threat without manual intervention. As you add security capabilities, coordination increases, as does return on investment.

Platform security capabilities include the following:
• Next-Generation Firewall classifies all traffic – including encrypted traffic – and enforces policies based on applications, users and content without sacrificing performance. It can selectively decrypt encrypted traffic for analysis and segment networks based on users or groups.
• WildFire™ cloud-based threat analysis service dynamically analyzes suspicious content in a virtual environment to discover zero-day threats.
• Threat Prevention includes IPS, malware protection, DNS sinkhole, and command-and-control protection.
• URL Filtering continually updates with new phishing and malware sites, as well as sites associated with attacks, even blocking malicious links in emails.
• GlobalProtect™ network security for endpoints extends a VPN and the protection of the Palo Alto Networks platform to mobile staff, employees with mobile devices and third-party contractors.
• Traps™ advanced endpoint protection blocks